
Image credit: Igor Bonifacic / Engadget

Some apps used Twitter and Facebook logins to steal personal information

Another reminder not to blindly use your Facebook and Twitter logins to access third-party apps.

If you've used your Twitter or Facebook account to log in to another app on your phone, some of your personal information could have been accessed by shady developers. On Monday, Twitter published a notice on its website saying that some third-party developers may have used a software development kit called oneAudience to obtain your email, username and last tweet, and shared that information with the company that created the tool. Facebook says it too had fallen victim to the oneAudience scam and plans to issue a similar notice to its users later today.

Twitter says the vulnerability isn't within Twitter itself, "but rather the lack of isolation between SDKs within an application." The company adds that it doesn't have evidence to suggest someone exploited the issue to take control of anyone's account -- but does warn that the possibility is there. The company says it has contacted both Apple and Google about the issue, but notes that it doesn't have evidence to suggest any iOS users had their personal information taken. We've reached out to Twitter, Facebook, Apple and Google for additional information and comment, and we'll update this article when we hear back from them.

Twitter ends the note by saying it plans to contact anyone who has been affected by the issue. "There is nothing for you to do at this time, but if you think you may have downloaded a malicious application from a third-party app store, we recommend you delete it immediately," the company says.

As for Facebook, a spokesperson for the company told Engadget that it has taken away login access from any apps that violated its policies, and issued cease and desist letters to oneAudience and Mobiburn (another SDK that offers similar functionality to oneAudience). The company went on to say that apps that used oneAudience and Mobiburn could have shared information like name, email, and gender with the companies that created the SDKs. Facebook plans to notify 9.5 million people that their data has potentially been compromised.

While this doesn't seem to be as large as last year's Cambridge Analytica data abuse, the potential exposure of people's data could be yet another factor that erodes the faith people have in Facebook's ability to keep their personal information secure. More than that, though, it's a reminder not to blindly use Facebook or Twitter logins for third-party apps and services unless you know exactly what they're doing with that information.

Update 5:13PM ET: This article has been updated to more clearly reflect that user data was compromised through malicious third-party software, rather than through a direct hack of Facebook's code.
